White House Network Hit by Spear Phishing, No Data Stolen

As the story in the Free Beacon goes, attackers, allegedly based in China, targeted an unclassified network inside the White House Military Office and managed to compromise one of the computers with a spear phishing attack earlier this month. The White House identified the attack and isolated the system, and no data was taken, according to the report.


Cyber-attackers linked to the Chinese government may have attempted to breach an unclassified network at the White House, reported The Washington Free Beacon. While that makes for great headlines, nothing happened.


Defense and intelligence officials familiar with the incident told the conservative publication it was "one of Beijing's most brazen cyber-attacks" against the United States.

White House officials confirmed the incident, but downplayed the impact to POLITICO. The attempted attack affected an unclassified network and there was no evidence that any information had been stolen, a White House official told POLITICO on background. None of the secure classified systems were affected, POLITICO said.

Big Deal or Not?

The attempt began with an email carrying a malware-laden attachment, a classic spear phishing attack, the official told POLITICO. In this case, an attacker sent a specially crafted email to the targeted individual in the hope that the victim would open the attachment, which infected the machine with malware. The malware would then contact its command-and-control server for instructions, but in this case it was identified and blocked from executing.
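The two stages described above, a crafted message with a disguised attachment that is caught before it runs, are what a mail gateway's attachment triage is built to interrupt. The following is an added example, not code from the article or from any of the organizations named in it: a small standard-library Python triage routine that parses a raw message and flags the usual spear-phishing tells (an executable hidden behind a double extension, a Windows PE header inside a file declared as a document, and a Reply-To domain that differs from the From domain). The sample messages, addresses and domains are constructed for the demonstration and are not from the incident.

```python
"""Added example: attachment and header triage for an inbound email.

Everything here is constructed for illustration; the incident in the
article is not reproduced. Standard library only, Python 3.9+.
"""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# File extensions that execute directly on a Windows workstation when opened.
# A real deployment would tune this list to its own environment.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "jse", "vbs", "hta", "jar", "msi"}
# Containers commonly used to wrap an executable so it passes a naive filter.
ARCHIVE_EXTS = {"zip", "rar", "7z"}


def header_findings(msg: EmailMessage) -> list:
    """Flag a Reply-To domain that does not match the From domain."""
    reasons = []
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = from_addr.rsplit("@", 1)[-1].lower() if "@" in from_addr else ""
    reply_dom = reply_addr.rsplit("@", 1)[-1].lower() if "@" in reply_addr else ""
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    return reasons


def attachment_findings(msg: EmailMessage) -> list:
    """Inspect each attachment by name, declared type and leading bytes."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""  # decoded bytes, not the base64 text
        reasons = []
        pieces = name.lower().split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        if ext in EXECUTABLE_EXTS:
            reasons.append(f"executable extension .{ext}")
            if len(pieces) > 2:
                reasons.append("double extension disguising an executable as a document")
        if ext in ARCHIVE_EXTS:
            reasons.append("archive attachment; contents need inspection before delivery")
        # Windows PE files begin with the "MZ" signature whatever the declared type says.
        if payload[:2] == b"MZ":
            reasons.append(f"MZ (Windows PE) header inside attachment declared as {ctype}")
        findings.append({"filename": name, "content_type": ctype, "reasons": reasons})
    return findings


def triage(msg: EmailMessage) -> dict:
    """Combine header and attachment checks into a quarantine decision."""
    header_reasons = header_findings(msg)
    attachments = attachment_findings(msg)
    quarantine = bool(header_reasons) or any(a["reasons"] for a in attachments)
    return {"quarantine": quarantine, "header_reasons": header_reasons, "attachments": attachments}


def triage_raw(raw: bytes) -> dict:
    """Entry point for a gateway: parse the raw RFC 5322 bytes, then triage."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return triage(msg)


def build_sample_message(malicious: bool) -> EmailMessage:
    """Construct a demo message; the addresses and content are invented."""
    msg = EmailMessage()
    msg["From"] = "Scheduling Office <scheduling@example.com>"
    msg["To"] = "staffer@example.com"
    msg["Subject"] = "Updated travel itinerary"
    msg.set_content("Please review the attached itinerary before tomorrow.")
    if malicious:
        # Mismatched Reply-To plus a PE stub (MZ header and padding) posing as a PDF.
        msg["Reply-To"] = "scheduling@mail-example.test"
        fake_pe = b"MZ" + b"\x00" * 62
        msg.add_attachment(fake_pe, maintype="application", subtype="pdf",
                           filename="itinerary.pdf.exe")
    else:
        msg["Reply-To"] = "scheduling@example.com"
        msg.add_attachment("Depart 08:00, return 17:30.", filename="itinerary.txt")
    return msg


if __name__ == "__main__":
    for flag in (True, False):
        result = triage_raw(build_sample_message(malicious=flag).as_bytes())
        print("quarantine" if result["quarantine"] else "deliver", result)
```

The byte-signature check matters more than the extension checks: renaming a file changes the name, not the `MZ` header, so a gateway that only trusts the declared content type or the extension is the one a crafted attachment is designed to slip past.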

The fact that the attack happened on an unclassified network makes it even more likely that the attackers were never within reach of sensitive information, such as the nuclear-weapons-related material the WHMO is in charge of. Defense officials have said several times in the past that government networks are under continuous attack from booby-trapped emails and network probes looking for a way in. It's likely the White House is under that same level of malicious scrutiny, and a computer got infected.

It's not that the attack was particularly sophisticated, but that the email was crafted well enough to fool the recipient. Other major companies have fallen for this tactic. Ask RSA Security. The win here is that, as far as White House officials can tell, nothing was stolen.

"The White House, every Fortune 1,000 and Global 2,000 organization – medium sized business, small business, consumers – ALL are at risk from spear phishing attacks," Anup Ghosh, CEO of Invincea, told SecurityWatch. "The cyber security industry is woefully behind the curve in terms of protecting the network from spear-phishing attacks against employees," Ghosh said.

Users need to be placed in a bubble via virtualization so that when they fall for a spear phishing attack, it's the virtual environment that is affected, rather than the user system, Ghosh said. Once the virtual machine is wiped, the infection is gone. Organizations need to adopt these new technology approaches now on the market, instead of the current reactive mindset "where we are always playing catch up to intrusions," Ghosh said.

China Connection Unlikely

Free Beacon's sources said the attack was the work of "Chinese military cyber warfare specialists under the direction of a unit called the 4th Department of General Staff of the People's Liberation Army."

Ghosh was quick to caution against jumping to conclusions just because the C&C server was based in China. While China has been aggressively targeting American corporations for intellectual property and government agencies for critical national security information over the past two years, it was still "too preliminary to determine conclusively," Ghosh warned.

The Chinese C&C server is "a bit of a red herring" as most C&C servers are usually registered outside of the originating attacker, Ghosh said.

Fahmida Y. Rashid is a senior analyst for business at PCMag.com. She focuses on ways businesses can use technology to work efficiently and easily. She is paranoid about security and privacy, and considers security implications when evaluating business technology. She has written for eWEEK, Dark Reading, and SecurityWeek covering security, core Internet infrastructure, and open source.